darkassassin07 652 Posted July 26, 2017 Posted July 26, 2017 (edited) Any and all attempts to connect to my emby server using the https port (8920) result in the connection timing out. This happens with localhost:8920 on the server machine as well as any device using the local address in LAN, and devices using the WAN ip/domain. (all of these work fine with http) The browser loads for ages and eventually times out unable to find the server. Attached is my latest server log. ------Edit------ When you go yo make a connection to your server... Dont forget to prefix if with https:// Sigh.... server-63636624000.txt Edited July 28, 2017 by darkassassin07
darkassassin07 652 Posted July 26, 2017 Author Posted July 26, 2017 Im using the default self-signed cert (im aware of that issue), however im not even getting that far, the browsers cant find the server all together let alone receive the cert and decided if its valid.
Luke 42077 Posted July 26, 2017 Posted July 26, 2017 The browsers are going to reject the self signed cert. For best results you'll want a trusted cert, like letsencrypt for example.
darkassassin07 652 Posted July 26, 2017 Author Posted July 26, 2017 Using "ping tools network utilities" from google play android if I probe port 8096 I get a response, however probing port 8920 yields no response
darkassassin07 652 Posted July 26, 2017 Author Posted July 26, 2017 As i said, its not a certificate issue, the https server is not available at all, it is not serving up a certificate at all as it is not accepting ANY connections o the https port
Luke 42077 Posted July 26, 2017 Posted July 26, 2017 Can you provide a server log from initial server startup? Thanks.
Luke 42077 Posted July 26, 2017 Posted July 26, 2017 Ok, no startup errors, which means the server was able to bind to the port. It looks to me like something in your environment is just blocking access on that port. It could be related to security software you may have installed and or windows firewall.
darkassassin07 652 Posted July 26, 2017 Author Posted July 26, 2017 Ill take a look through avast and windows firewall and see if i can find anything off
darkassassin07 652 Posted July 26, 2017 Author Posted July 26, 2017 (edited) Well, avasts firewall is not active, and MediaBrowser.serverapplication.exe in the emby-server folder is allowed through windows firewall. Though I don't think that's the problem as this problem happens on the server machine using localhost:8920 as well Edited July 26, 2017 by darkassassin07
darkassassin07 652 Posted July 26, 2017 Author Posted July 26, 2017 I just tried swapping the port numbers in advanced settings, making http 8920 and https 8096. The problem persists, http works on 8920, but https is still unreachable
Tur0k 148 Posted July 26, 2017 Posted July 26, 2017 (edited) Have you checked your advanced inbound firewall rules in your windows control panel. You will need an explicit allow rule for TCP traffic on port 8920 on whatever policy group you assign you local LAN on the server (private, public, domain). Also, if you plan on making this available on the public Internet there is an addition inbound setting something like "allow edge traversal" you will need to enable. Sent from my iPhone using Tapatalk Edited July 26, 2017 by Tur0k
darkassassin07 652 Posted July 26, 2017 Author Posted July 26, 2017 (edited) Windows firewall has an inbound rule for emby to allow all ports both udp and tcp. I also manually added a rule for inbound 8920tcp as well as allow emby outbound. That should not be the problem though. 8096 http works fine, but swapping https to 8096 still doesn't work. Emby referring to the .exe i mentioned a few posts up. No change :/ Edited July 26, 2017 by darkassassin07
chef 3810 Posted July 26, 2017 Posted July 26, 2017 This might be a stupid question but are you on a 3G or 4G network on your phone and typing in your public IP address with your HTTPS port? Are you trying to use Https on your subnet? or logging in from your public IP? "https://{PUBLIC_IP}:8920" making sure that your modem/router has TCP/UDP ports forwarded? Perhaps trying to change your port to: 443 for your HTTPS in the emby advanced configuration, port forward it on your router and try to connect again. I'm not sure if this is helping.
Jdiesel 1431 Posted July 26, 2017 Posted July 26, 2017 (edited) I don't see any mention of the self signed certificate in your log files. Can you check the SSL directory in the Emby userdata folder for any pfx files? Edit: After a further look I do not see any mention of a pfx certificate being loading in my logs either anf https is working for me. At one point in time that information was displayed as I recall using it to troubleshoot a certificate issue I was having. Edited July 26, 2017 by Jdiesel
darkassassin07 652 Posted July 26, 2017 Author Posted July 26, 2017 All the local devices are on the same subnet (192.168.0.x) and i am using the local ip of the server to attempt connections in network. Though localhost doesn't leave the system, disregarding the network and that fails to find the server as well. The ssl directory contains 2 .pfx files
Luke 42077 Posted July 26, 2017 Posted July 26, 2017 Neither of the logs you provided report any incoming https requests which would suggest the traffic is not reaching Emby Server.
Tur0k 148 Posted July 26, 2017 Posted July 26, 2017 (edited) Ok, now that you confirmed that the port is open on your software firewall confirm the following: 1. Confirm that you are adjusting The field "local HTTPS port number" (settings - server dashboard - advanced) this is the field that adjusted the port that Emby listens on for encrypted connections. The public HTTPS port number" is used to support port translation from your firewall to your Emby server. 2. Is UAC enabled? 3. Is Emby running with admin permissions on the server? 4. Confirm that the port isn't being used by another service. From an elevated command prompt run: netstat -abn. Look for services with a local address of 0.0.0.0:8920. Try to tie it to a service. If you find one you may need to either move its listening port or emby's listening port. Sent from my iPhone using Tapatalk Edited July 26, 2017 by Tur0k
Witmarquzot 0 Posted July 26, 2017 Posted July 26, 2017 I got it to work by following the following direction to create my own ssl certificate https://blog.didierstevens.com/2015/03/30/howto-make-your-own-cert-with-openssl-on-windows/ You may need to ctrl+shift+C to exit open ssl and redo set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl. between req -new -x509 -days 1826 -key ca.key -out ca.crt and genrsa -out ia.key 4096 then followed https://stackoverflow.com/a/38363589/6410573 Then when i went to https://127.0.0.1:8920 and it worked
Witmarquzot 0 Posted July 26, 2017 Posted July 26, 2017 All the local devices are on the same subnet (192.168.0.x) and i am using the local ip of the server to attempt connections in network. Though localhost doesn't leave the system, disregarding the network and that fails to find the server as well. The ssl directory contains 2 .pfx files Are choisng a .pfx or a directory? you have to choose a .pfx else it won;t load
darkassassin07 652 Posted July 27, 2017 Author Posted July 27, 2017 (edited) If i manually point emby at the self-signed cert it created in the ssl folder i get the error: System.Security.Cryptography.CryptographicException: The specified network password is not correct. (in attached log) what is the password for the default cert? Edit: at first I wasn't specifying a cert, I was letting emby create/chose its own. now i'm manually pointing it at the .pfx its created and getting an error. server-63636701584.txt Edited July 27, 2017 by darkassassin07
Luke 42077 Posted July 27, 2017 Posted July 27, 2017 You can't manually point it to the self signed cert. To set one up manually, you need your own cert. You might as well just do that anyway because as we've been saying, you say you want to play with https and the browsers are going to reject the self signed cert anyway.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now